Security Focus columnist, Mark D. Rasch, J.D. provides an in-depth review of the Vista EULA in "Vista's EULA Product Activation Worries". Mark Rasch is a former head of the Justice Department's computer crime unit, and now serves as a lawyer specializing in computer crime, computer security, and privacy matters in Bethesda, Maryland.
As explained in a key point by Mr. Rasch:
“ Does the Microsoft EULA adequately tell you what will happen if you don’t activate the product or if you can’t establish that it is genuine? Well, not exactly. It does tell you that some parts of the product won’t work - but it also ambiguously says that the product itself won’t work. Moreover, it allows Microsoft, through fine print in a generally unread and non negotiable agreement, to create an opportunity for economic extortion. ”Thus, the EULA explains why the "Windows Vista Frankenbuilds Spotted in the Wild" will end up with limited utility. How will Microsoft achieve this? Through means such as published U.S. Patent Application, "Trusted license removal in a content protection system or the like." Claim 1 is illustrative:
"1. A method of removing a digital license from a client computing device, the digital license including an identification of a removal service that can authorize removing such license, the method comprising: the client selecting the license to be removed; the client selecting the service; the client constructing a challenge including therein a challenge license identification block (LIB) identifying the license to be removed, and sending the challenge to the service; the service receiving the challenge and storing at least a portion of the challenge in a database; the service constructing a response corresponding to the challenge and including therein a response LIB identifying the license to be removed and an identification of the service, and sending the response to the client; the client receiving the response and employing the response LIB from the response to identify the license to be removed; and the client removing the identified license upon confirming that the identification of the service in the identified license matches the identification of the service in the response."